@go-mondo/identity-sdk 0.0.2-beta.44 → 0.0.2-beta.45

package/dist/cjs/oauth/token/schema/grants/client-credentials.js

@@ -33,31 +33,29 @@ var __importStar = (this && this.__importStar) || (function () {
     };
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ClientCredentialsSchema = exports.ClientCredentialsPayloadSchema = void 0;
+exports.ClientCredentialsRequestSchema = void 0;
 const z = __importStar(require("zod/v4"));
-const schema_js_1 = require("../../../../app/schema.js");
-const schema_js_2 = require("../../../common/schema.js");
+const schema_js_1 = require("../../../common/schema.js");
+const common_js_1 = require("./common.js");
 /**
  * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.2
  */
-const GrantTypeSchema = z.enum([schema_js_2.GrantType.CLIENT_CREDENTIALS]);
+const GrantTypeSchema = z.enum([schema_js_1.GrantType.CLIENT_CREDENTIALS]);
 /**
- * What the incoming body may look like.
+ * Note: Prior to using this schema, the headers should be checked for
+ * HTTP Basic Authentication. If present, the client_id and client_secret
+ * should be included in with the payload before parsing.
  *
- * Note: the client_id and client_secrete may (likely) be in Authorization header
+ * @see https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.2
  */
-exports.ClientCredentialsPayloadSchema = z.object({
-    grant_type: GrantTypeSchema,
-    scope: z.string().optional(),
-    client_id: schema_js_1.AppIdSchema.optional(),
-    client_secret: z.string().optional(),
-    ...schema_js_2.OptionalSchema.shape,
-});
-exports.ClientCredentialsSchema = z.object({
-    ...exports.ClientCredentialsPayloadSchema.omit({
-        client_id: true,
-        client_secret: true,
-    }).shape,
-    client_id: schema_js_1.AppIdSchema,
-    client_secret: z.string(),
+exports.ClientCredentialsRequestSchema = z.object({
+    /**
+     * REQUIRED. Value MUST be set to "client_credentials".
+     */
+    grant_type: GrantTypeSchema.describe('The grant type.'),
+    /**
+     * OPTIONAL. The scope of the access request.
+     */
+    scope: schema_js_1.ScopeSchema.optional(),
+    ...common_js_1.ClientRequestSchema.shape,
 });

package/dist/cjs/oauth/token/schema/grants/common.d.ts

@@ -0,0 +1,6 @@
+import * as z from 'zod/v4';
+export declare const ClientRequestSchema: z.ZodObject<{
+    client_id: z.ZodString;
+    client_secret: z.ZodString;
+}, z.core.$strip>;
+//# sourceMappingURL=common.d.ts.map

package/dist/cjs/oauth/token/schema/grants/common.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"common.d.ts","sourceRoot":"","sources":["../../../../../../src/oauth/token/schema/grants/common.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAE5B,eAAO,MAAM,mBAAmB;;;iBAc9B,CAAC"}

package/dist/cjs/oauth/token/schema/grants/common.js

@@ -0,0 +1,52 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ClientRequestSchema = void 0;
+const app_1 = require("src/app");
+const z = __importStar(require("zod/v4"));
+exports.ClientRequestSchema = z.object({
+    /**
+     * REQUIRED. The client identifier.
+     * NOTE: This is only required in the body if the client is NOT authenticating
+     * via the HTTP "Authorization" header (Basic Auth).
+     */
+    client_id: app_1.AppIdSchema.describe('The Client ID.'),
+    /**
+     * REQUIRED. The client secret.
+     * NOTE: This is only required in the body if the client is NOT authenticating
+     * via the HTTP "Authorization" header (Basic Auth).
+     */
+    client_secret: z.string().min(1).describe('The Client Secret.'),
+});

package/dist/cjs/oauth/token/schema/grants/refresh-token.d.ts

@@ -1,12 +1,16 @@
 import * as z from 'zod/v4';
-export declare const RefreshTokenSchema: z.ZodObject<{
+/**
+ * @see https://datatracker.ietf.org/doc/html/rfc6749#section-6
+ */
+export declare const RefreshTokenRequestSchema: z.ZodObject<{
+    client_id: z.ZodString;
+    client_secret: z.ZodString;
     grant_type: z.ZodEnum<{
         refresh_token: "refresh_token";
     }>;
     refresh_token: z.ZodString;
     scope: z.ZodOptional<z.ZodString>;
-    client_id: z.ZodString;
-    client_secret: z.ZodString;
 }, z.core.$strip>;
-export type RefreshTokenPayload = z.output<typeof RefreshTokenSchema>;
+export type RefreshTokenRequestInput = z.input<typeof RefreshTokenRequestSchema>;
+export type RefreshTokenRequestPayload = z.output<typeof RefreshTokenRequestSchema>;
 //# sourceMappingURL=refresh-token.d.ts.map

package/dist/cjs/oauth/token/schema/grants/refresh-token.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"refresh-token.d.ts","sourceRoot":"","sources":["../../../../../../src/oauth/token/schema/grants/refresh-token.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAS5B,eAAO,MAAM,kBAAkB;;;;;;;;iBAM7B,CAAC;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,kBAAkB,CAAC,CAAC"}
+{"version":3,"file":"refresh-token.d.ts","sourceRoot":"","sources":["../../../../../../src/oauth/token/schema/grants/refresh-token.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAS5B;;GAEG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;iBAmBpC,CAAC;AACH,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAC5C,OAAO,yBAAyB,CACjC,CAAC;AACF,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,MAAM,CAC/C,OAAO,yBAAyB,CACjC,CAAC"}

package/dist/cjs/oauth/token/schema/grants/refresh-token.js

@@ -33,18 +33,31 @@ var __importStar = (this && this.__importStar) || (function () {
     };
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.RefreshTokenSchema = void 0;
+exports.RefreshTokenRequestSchema = void 0;
 const z = __importStar(require("zod/v4"));
-const schema_js_1 = require("../../../../app/schema.js");
-const schema_js_2 = require("../../../common/schema.js");
+const schema_js_1 = require("../../../common/schema.js");
+const common_js_1 = require("./common.js");
 /**
  * @see https://datatracker.ietf.org/doc/html/rfc6749#section-6
  */
-const GrantTypeSchema = z.enum([schema_js_2.GrantType.REFRESH_TOKEN]);
-exports.RefreshTokenSchema = z.object({
-    grant_type: GrantTypeSchema,
-    refresh_token: z.string(),
-    scope: z.string().optional(),
-    client_id: schema_js_1.AppIdSchema,
-    client_secret: z.string(),
+const GrantTypeSchema = z.enum([schema_js_1.GrantType.REFRESH_TOKEN]);
+/**
+ * @see https://datatracker.ietf.org/doc/html/rfc6749#section-6
+ */
+exports.RefreshTokenRequestSchema = z.object({
+    /**
+     * REQUIRED. Value MUST be set to "refresh_token".
+     */
+    grant_type: GrantTypeSchema.describe('The grant type.'),
+    /**
+     * REQUIRED. The refresh token issued to the client.
+     */
+    refresh_token: z.string().min(1).describe('The refresh token.'),
+    /**
+     * OPTIONAL. The scope of the access request. If omitted, the scope is
+     * unchanged from the original grant. If specified, it must be equal to or
+     * a subset of the original scope.
+     */
+    scope: schema_js_1.ScopeSchema.optional(),
+    ...common_js_1.ClientRequestSchema.shape,
 });

package/dist/cjs/oauth/token/schema/schema.d.ts

@@ -5,31 +5,41 @@ export * from './grants/refresh-token.js';
 /**
  * Union(s)
  */
-export declare const Schema: z.ZodDiscriminatedUnion<[z.ZodObject<{
+export declare const RequestSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
     code_verifier: z.ZodOptional<z.ZodString>;
+    client_id: z.ZodString;
+    client_secret: z.ZodString;
     grant_type: z.ZodEnum<{
         authorization_code: "authorization_code";
     }>;
     code: z.ZodString;
-    client_id: z.ZodString;
-    client_secret: z.ZodOptional<z.ZodString>;
-    redirect_uri: z.ZodURL;
+    redirect_uri: z.ZodOptional<z.ZodURL>;
 }, z.core.$strip>, z.ZodObject<{
     client_id: z.ZodString;
     client_secret: z.ZodString;
-    audience: z.ZodOptional<z.ZodString>;
-    scope: z.ZodOptional<z.ZodString>;
     grant_type: z.ZodEnum<{
         client_credentials: "client_credentials";
     }>;
+    scope: z.ZodOptional<z.ZodString>;
 }, z.core.$strip>, z.ZodObject<{
+    client_id: z.ZodString;
+    client_secret: z.ZodString;
     grant_type: z.ZodEnum<{
         refresh_token: "refresh_token";
     }>;
     refresh_token: z.ZodString;
     scope: z.ZodOptional<z.ZodString>;
-    client_id: z.ZodString;
-    client_secret: z.ZodString;
 }, z.core.$strip>], "grant_type">;
-export type Payload = z.output<typeof Schema>;
+export type RequestInput = z.input<typeof RequestSchema>;
+export type RequestPayload = z.output<typeof RequestSchema>;
+export declare const ResponseSchema: z.ZodObject<{
+    access_token: z.ZodString;
+    token_type: z.ZodLiteral<"Bearer">;
+    expires_in: z.ZodOptional<z.ZodNumber>;
+    refresh_token: z.ZodOptional<z.ZodString>;
+    scope: z.ZodOptional<z.ZodString>;
+    id_token: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export type ResponseInput = z.input<typeof ResponseSchema>;
+export type ResponsePayload = z.output<typeof ResponseSchema>;
 //# sourceMappingURL=schema.d.ts.map

package/dist/cjs/oauth/token/schema/schema.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../../../src/oauth/token/schema/schema.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAM5B,cAAc,gCAAgC,CAAC;AAC/C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,2BAA2B,CAAC;AAE1C;;GAEG;AACH,eAAO,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;iCAIjB,CAAC;AACH,MAAM,MAAM,OAAO,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,MAAM,CAAC,CAAC"}
+{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../../../../src/oauth/token/schema/schema.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAO5B,cAAc,gCAAgC,CAAC;AAC/C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,2BAA2B,CAAC;AAE1C;;GAEG;AACH,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;iCAIxB,CAAC;AACH,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AACzD,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,aAAa,CAAC,CAAC;AAK5D,eAAO,MAAM,cAAc;;;;;;;iBA6CzB,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAC3D,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,cAAc,CAAC,CAAC"}

package/dist/cjs/oauth/token/schema/schema.js

@@ -36,8 +36,9 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.Schema = void 0;
+exports.ResponseSchema = exports.RequestSchema = void 0;
 const z = __importStar(require("zod/v4"));
+const schema_js_1 = require("../../common/schema.js");
 const authorization_code_js_1 = require("./grants/authorization-code.js");
 const client_credentials_js_1 = require("./grants/client-credentials.js");
 const refresh_token_js_1 = require("./grants/refresh-token.js");
@@ -47,8 +48,52 @@ __exportStar(require("./grants/refresh-token.js"), exports);
 /**
  * Union(s)
  */
-exports.Schema = z.discriminatedUnion('grant_type', [
-    authorization_code_js_1.AuthorizationCodeSchema,
-    client_credentials_js_1.ClientCredentialsSchema,
-    refresh_token_js_1.RefreshTokenSchema,
+exports.RequestSchema = z.discriminatedUnion('grant_type', [
+    authorization_code_js_1.AuthorizationCodeRequestSchema,
+    client_credentials_js_1.ClientCredentialsRequestSchema,
+    refresh_token_js_1.RefreshTokenRequestSchema,
 ]);
+/*
+ * @see https://datatracker.ietf.org/doc/html/rfc6749#section-5.1
+ */
+exports.ResponseSchema = z.object({
+    /**
+     * REQUIRED. The access token issued by the authorization server.
+     * Typically a JWT or an opaque string.
+     */
+    access_token: z
+        .string()
+        .min(1)
+        .describe('The access token issued by the authorization server.'),
+    /**
+     * REQUIRED. The type of the token issued. Value is typically 'Bearer'.
+     */
+    token_type: z
+        .literal('Bearer')
+        .describe('The type of the token issued. Must be "Bearer".'),
+    /**
+     * RECOMMENDED. The lifetime in seconds of the access token.
+     * For example, the value 3600 represents an expiration time of one hour.
+     */
+    expires_in: z
+        .number()
+        .int()
+        .positive()
+        .optional()
+        .describe('The lifetime in seconds of the access token.'),
+    /**
+     * OPTIONAL. The refresh token, which can be used to obtain a new access token
+     * when the current one expires.
+     */
+    refresh_token: z.string().min(1).optional().describe('The refresh token.'),
+    /**
+     * OPTIONAL. The scope of the access token as issued by the authorization server.
+     * If omitted, the scope is the same as the scope originally requested by the client.
+     */
+    scope: schema_js_1.ScopeSchema.optional(),
+    /**
+     * OPTIONAL, for OpenID Connect (OIDC). The ID token, a JWT that contains claims
+     * about the authentication of the end-user.
+     */
+    id_token: z.string().min(1).optional().describe('The ID Token (OIDC only).'),
+});

package/dist/cjs/oauth/token/schema/schema.test.js

@@ -10,9 +10,10 @@ const schema_js_1 = require("./schema.js");
                 grant_type: 'authorization_code',
                 code: 'auth_code_123',
                 client_id: (0, utils_js_1.generateAppId)(),
+                client_secret: 'secret_123',
                 redirect_uri: 'https://example.com/callback',
             };
-            const result = schema_js_1.Schema.safeParse(payload);
+            const result = schema_js_1.RequestSchema.safeParse(payload);
             // Parse succeeds for valid data
             (0, vitest_1.expect)(result.success).toBe(true);
             if (result.success) {
@@ -24,10 +25,11 @@ const schema_js_1 = require("./schema.js");
                 grant_type: 'authorization_code',
                 code: 'auth_code_123',
                 client_id: (0, utils_js_1.generateAppId)(),
+                client_secret: 'secret_123',
                 redirect_uri: 'https://example.com/callback',
                 code_verifier: 'pkce_verifier_123',
             };
-            const result = schema_js_1.Schema.safeParse(payload);
+            const result = schema_js_1.RequestSchema.safeParse(payload);
             // Parse succeeds for valid data
             (0, vitest_1.expect)(result.success).toBe(true);
             if (result.success) {
@@ -42,7 +44,7 @@ const schema_js_1 = require("./schema.js");
                 client_secret: 'secret_123',
                 redirect_uri: 'https://example.com/callback',
             };
-            const result = schema_js_1.Schema.safeParse(payload);
+            const result = schema_js_1.RequestSchema.safeParse(payload);
             // Parse succeeds for valid data
             (0, vitest_1.expect)(result.success).toBe(true);
             if (result.success) {
@@ -56,7 +58,7 @@ const schema_js_1 = require("./schema.js");
                 client_secret: 'secret_123',
                 scope: 'read write',
             };
-            const result = schema_js_1.Schema.safeParse(payload);
+            const result = schema_js_1.RequestSchema.safeParse(payload);
             // Parse succeeds for valid data
             (0, vitest_1.expect)(result.success).toBe(true);
             if (result.success) {
@@ -71,7 +73,7 @@ const schema_js_1 = require("./schema.js");
                 client_secret: 'secret_123',
                 scope: 'read',
             };
-            const result = schema_js_1.Schema.safeParse(payload);
+            const result = schema_js_1.RequestSchema.safeParse(payload);
             // Parse succeeds for valid data
             (0, vitest_1.expect)(result.success).toBe(true);
             if (result.success) {
@@ -85,7 +87,7 @@ const schema_js_1 = require("./schema.js");
                 client_id: (0, utils_js_1.generateAppId)(),
                 redirect_uri: 'https://example.com/callback',
             };
-            const result = schema_js_1.Schema.safeParse(payload);
+            const result = schema_js_1.RequestSchema.safeParse(payload);
             (0, vitest_1.expect)(result.success).toBe(false);
         });
         (0, vitest_1.test)('should reject authorization code without required fields', () => {
@@ -94,7 +96,7 @@ const schema_js_1 = require("./schema.js");
                 client_id: (0, utils_js_1.generateAppId)(),
                 // missing code and redirect_uri
             };
-            const result = schema_js_1.Schema.safeParse(payload);
+            const result = schema_js_1.RequestSchema.safeParse(payload);
             (0, vitest_1.expect)(result.success).toBe(false);
         });
         (0, vitest_1.test)('should reject invalid redirect URI', () => {
@@ -104,7 +106,7 @@ const schema_js_1 = require("./schema.js");
                 client_id: (0, utils_js_1.generateAppId)(),
                 redirect_uri: 'not-a-valid-url',
             };
-            const result = schema_js_1.Schema.safeParse(payload);
+            const result = schema_js_1.RequestSchema.safeParse(payload);
             (0, vitest_1.expect)(result.success).toBe(false);
         });
         (0, vitest_1.test)('should reject client credentials without required fields', () => {
@@ -113,7 +115,7 @@ const schema_js_1 = require("./schema.js");
                 client_id: (0, utils_js_1.generateAppId)(),
                 // missing client_secret
             };
-            const result = schema_js_1.Schema.safeParse(payload);
+            const result = schema_js_1.RequestSchema.safeParse(payload);
             (0, vitest_1.expect)(result.success).toBe(false);
         });
         (0, vitest_1.test)('should reject refresh token without required fields', () => {
@@ -122,14 +124,14 @@ const schema_js_1 = require("./schema.js");
                 client_id: 'app_123',
                 // missing refresh_token and client_secret
             };
-            const result = schema_js_1.Schema.safeParse(payload);
+            const result = schema_js_1.RequestSchema.safeParse(payload);
             (0, vitest_1.expect)(result.success).toBe(false);
         });
         (0, vitest_1.test)('should reject completely invalid payload', () => {
             const payload = {
                 invalid: 'data',
             };
-            const result = schema_js_1.Schema.safeParse(payload);
+            const result = schema_js_1.RequestSchema.safeParse(payload);
             (0, vitest_1.expect)(result.success).toBe(false);
         });
     });

package/dist/esm/oauth/authorize/schema/grants/authorization-code.d.ts

@@ -1,6 +1,6 @@
 import * as z from 'zod/v4';
 export declare const CodeChallengeSchema: z.ZodString;
-export declare const AuthorizationCodeSchema: z.ZodObject<{
+export declare const AuthorizationCodeRequestSchema: z.ZodObject<{
     code_challenge_method: z.ZodOptional<z.ZodEnum<{
         S256: "S256";
         plain: "plain";
@@ -29,5 +29,6 @@ export declare const AuthorizationCodeSchema: z.ZodObject<{
     scope: z.ZodOptional<z.ZodString>;
     state: z.ZodOptional<z.ZodString>;
 }, z.core.$strip>;
-export type AuthorizationCodePayload = z.output<typeof AuthorizationCodeSchema>;
+export type AuthorizationCodeRequestInput = z.input<typeof AuthorizationCodeRequestSchema>;
+export type AuthorizationCodeRequestPayload = z.output<typeof AuthorizationCodeRequestSchema>;
 //# sourceMappingURL=authorization-code.d.ts.map

package/dist/esm/oauth/authorize/schema/grants/authorization-code.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-code.d.ts","sourceRoot":"","sources":["../../../../../../src/oauth/authorize/schema/grants/authorization-code.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAiB5B,eAAO,MAAM,mBAAmB,aAKmC,CAAC;AAmCpE,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAyBhC,CAAC;AACL,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,uBAAuB,CAAC,CAAC"}
+{"version":3,"file":"authorization-code.d.ts","sourceRoot":"","sources":["../../../../../../src/oauth/authorize/schema/grants/authorization-code.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,CAAC,MAAM,QAAQ,CAAC;AAiB5B,eAAO,MAAM,mBAAmB,aAKmC,CAAC;AAyCpE,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAyBvC,CAAC;AACL,MAAM,MAAM,6BAA6B,GAAG,CAAC,CAAC,KAAK,CACjD,OAAO,8BAA8B,CACtC,CAAC;AACF,MAAM,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CACpD,OAAO,8BAA8B,CACtC,CAAC"}

package/dist/esm/oauth/authorize/schema/grants/authorization-code.js

@@ -30,11 +30,15 @@ export const CodeChallengeSchema = z
 //   message: 'code_challenge and code_challenge_method must both be present or both be absent',
 // });
 const OAuthSchema = z.object({
-    response_type: ResponseTypeSchema,
-    client_id: AppIdSchema,
-    redirect_uri: z.url().optional(),
-    scope: z.string().optional(),
-    state: z.string().optional(),
+    response_type: ResponseTypeSchema.describe('Must be set to "code" for Authorization Code flow.'),
+    client_id: AppIdSchema.describe('The Client ID.'),
+    redirect_uri: z.url().optional().describe('The callback URL.'),
+    scope: z
+        .string()
+        .min(1)
+        .optional()
+        .describe('Space-delimited scope strings.'),
+    state: z.string().min(1).optional().describe('Opaque value to prevent CSRF.'),
 });
 const OIDCSchema = z.object({
     nonce: z.string().optional(),
@@ -42,7 +46,7 @@ const OIDCSchema = z.object({
     prompt: AuthorizationPromptSchema.optional(),
     max_age: z.number().int().min(0).optional(),
 });
-export const AuthorizationCodeSchema = z
+export const AuthorizationCodeRequestSchema = z
     .object({
     ...OAuthSchema.shape,
     ...OIDCSchema.shape,